1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
|
// twofish.cpp - modified by Wei Dai from Matthew Skala's twofish.c
// The original code and all modifications are in the public domain.
#include "pch.h"
#include "twofish.h"
#include "misc.h"
NAMESPACE_BEGIN(CryptoPP)
// compute (c * x^4) mod (x^4 + (a + 1/a) * x^3 + a * x^2 + (a + 1/a) * x + 1)
// over GF(256)
static inline unsigned int Mod(unsigned int c)
{
static const unsigned int modulus = 0x14d;
unsigned int c2 = (c<<1) ^ ((c & 0x80) ? modulus : 0);
unsigned int c1 = c2 ^ (c>>1) ^ ((c & 1) ? (modulus>>1) : 0);
return c | (c1 << 8) | (c2 << 16) | (c1 << 24);
}
// compute RS(12,8) code with the above polynomial as generator
// this is equivalent to multiplying by the RS matrix
static word32 ReedSolomon(word32 high, word32 low)
{
for (unsigned int i=0; i<8; i++)
{
high = Mod(high>>24) ^ (high<<8) ^ (low>>24);
low <<= 8;
}
return high;
}
inline word32 Twofish::Base::h0(word32 x, const word32 *key, unsigned int kLen)
{
x = x | (x<<8) | (x<<16) | (x<<24);
switch(kLen)
{
#define Q(a, b, c, d, t) q[a][GETBYTE(t,0)] ^ (q[b][GETBYTE(t,1)] << 8) ^ (q[c][GETBYTE(t,2)] << 16) ^ (q[d][GETBYTE(t,3)] << 24)
case 4: x = Q(1, 0, 0, 1, x) ^ key[6];
case 3: x = Q(1, 1, 0, 0, x) ^ key[4];
case 2: x = Q(0, 1, 0, 1, x) ^ key[2];
x = Q(0, 0, 1, 1, x) ^ key[0];
}
return x;
}
inline word32 Twofish::Base::h(word32 x, const word32 *key, unsigned int kLen)
{
x = h0(x, key, kLen);
return mds[0][GETBYTE(x,0)] ^ mds[1][GETBYTE(x,1)] ^ mds[2][GETBYTE(x,2)] ^ mds[3][GETBYTE(x,3)];
}
void Twofish::Base::UncheckedSetKey(const byte *userKey, unsigned int keylength, const NameValuePairs &)
{
AssertValidKeyLength(keylength);
unsigned int len = (keylength <= 16 ? 2 : (keylength <= 24 ? 3 : 4));
SecBlock<word32> key(len*2);
GetUserKey(LITTLE_ENDIAN_ORDER, key.begin(), len*2, userKey, keylength);
unsigned int i;
for (i=0; i<40; i+=2)
{
word32 a = h(i, key, len);
word32 b = rotlFixed(h(i+1, key+1, len), 8);
m_k[i] = a+b;
m_k[i+1] = rotlFixed(a+2*b, 9);
}
SecBlock<word32> svec(2*len);
for (i=0; i<len; i++)
svec[2*(len-i-1)] = ReedSolomon(key[2*i+1], key[2*i]);
for (i=0; i<256; i++)
{
word32 t = h0(i, svec, len);
m_s[0][i] = mds[0][GETBYTE(t, 0)];
m_s[1][i] = mds[1][GETBYTE(t, 1)];
m_s[2][i] = mds[2][GETBYTE(t, 2)];
m_s[3][i] = mds[3][GETBYTE(t, 3)];
}
}
#define G1(x) (m_s[0][GETBYTE(x,0)] ^ m_s[1][GETBYTE(x,1)] ^ m_s[2][GETBYTE(x,2)] ^ m_s[3][GETBYTE(x,3)])
#define G2(x) (m_s[0][GETBYTE(x,3)] ^ m_s[1][GETBYTE(x,0)] ^ m_s[2][GETBYTE(x,1)] ^ m_s[3][GETBYTE(x,2)])
#define ENCROUND(n, a, b, c, d) \
x = G1 (a); y = G2 (b); \
x += y; y += x + k[2 * (n) + 1]; \
(c) ^= x + k[2 * (n)]; \
(c) = rotrFixed(c, 1); \
(d) = rotlFixed(d, 1) ^ y
#define ENCCYCLE(n) \
ENCROUND (2 * (n), a, b, c, d); \
ENCROUND (2 * (n) + 1, c, d, a, b)
#define DECROUND(n, a, b, c, d) \
x = G1 (a); y = G2 (b); \
x += y; y += x; \
(d) ^= y + k[2 * (n) + 1]; \
(d) = rotrFixed(d, 1); \
(c) = rotlFixed(c, 1); \
(c) ^= (x + k[2 * (n)])
#define DECCYCLE(n) \
DECROUND (2 * (n) + 1, c, d, a, b); \
DECROUND (2 * (n), a, b, c, d)
typedef BlockGetAndPut<word32, LittleEndian> Block;
void Twofish::Enc::ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const
{
word32 x, y, a, b, c, d;
Block::Get(inBlock)(a)(b)(c)(d);
a ^= m_k[0];
b ^= m_k[1];
c ^= m_k[2];
d ^= m_k[3];
const word32 *k = m_k+8;
ENCCYCLE (0);
ENCCYCLE (1);
ENCCYCLE (2);
ENCCYCLE (3);
ENCCYCLE (4);
ENCCYCLE (5);
ENCCYCLE (6);
ENCCYCLE (7);
c ^= m_k[4];
d ^= m_k[5];
a ^= m_k[6];
b ^= m_k[7];
Block::Put(xorBlock, outBlock)(c)(d)(a)(b);
}
void Twofish::Dec::ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const
{
word32 x, y, a, b, c, d;
Block::Get(inBlock)(c)(d)(a)(b);
c ^= m_k[4];
d ^= m_k[5];
a ^= m_k[6];
b ^= m_k[7];
const word32 *k = m_k+8;
DECCYCLE (7);
DECCYCLE (6);
DECCYCLE (5);
DECCYCLE (4);
DECCYCLE (3);
DECCYCLE (2);
DECCYCLE (1);
DECCYCLE (0);
a ^= m_k[0];
b ^= m_k[1];
c ^= m_k[2];
d ^= m_k[3];
Block::Put(xorBlock, outBlock)(a)(b)(c)(d);
}
NAMESPACE_END
|